High severity7.2NVD Advisory· Published May 11, 2026· Updated May 12, 2026

CVE-2026-41951

Description

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.

Affected products

Weseek/Growiinferred2 versions
<=7.5.0+ 1 more
- (no CPE)range: <=7.5.0
- (no CPE)range: <=7.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

growi.co.jp/news/44/nvd
jvn.jp/jp/JVN38788367/nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000